<?php
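/**
 * Admin control-panel session.
 *
 * Restores the logged-in administrator from $_SESSION['admincp'] and implements
 * login, logout and per-permission checks.
 *
 * Relies on symbols defined outside this file: $db, $LANG, showmsg(), writelog(),
 * xsetcookie() and $GLOBALS['founders'], $GLOBALS['timestamp'], $GLOBALS['ipaddr'].
 */
class adminsession{
	// Declared for callers; never assigned anywhere in this class.
	var $uid = 0;
	// True when the session's adminid is listed in $GLOBALS['founders'].
	var $isfounder = false;
	// 1 when the session holds a complete admin login, otherwise 0.
	var $cpaccess = 0;
	// Copy of $_SESSION['admincp'] taken when the object is built.
	var $admincp = array();

	function __construct(){
		$this->adminsession();
	}

	/**
	 * Load admin state from the session and decide whether panel access is granted.
	 *
	 * Access requires a positive adminid plus non-empty 'admin' and 'password'
	 * entries. A missing adminid now denies access; the previous condition only
	 * rejected an adminid that was present and below 1.
	 *
	 * NOTE(review): the session is trusted as written at login; it is not
	 * re-validated against sdw_admins here, so a password change or account
	 * removal does not end an existing session.
	 */
	function adminsession(){
		$this->cpaccess = 0;
		$this->isfounder = false;
		if (!isset($_SESSION['admincp']) || !is_array($_SESSION['admincp'])){
			return;
		}
		$this->admincp = $_SESSION['admincp'];
		$adminid = isset($this->admincp['adminid']) ? (int)$this->admincp['adminid'] : 0;
		if ($adminid < 1 || empty($this->admincp['admin']) || empty($this->admincp['password'])){
			return;
		}
		$this->cpaccess = 1;
		$this->isfounder = $this->isfounder($adminid);
	}

	/**
	 * Tell whether $adminid appears in the comma-separated $GLOBALS['founders'] list.
	 *
	 * Both sides are compared as integers with a strict in_array(), so an id of 0
	 * or a non-numeric list entry can never match through loose type juggling.
	 *
	 * @param mixed $adminid admin id to test
	 * @return bool
	 */
	function isfounder($adminid){
		$adminid = is_scalar($adminid) ? (int)$adminid : 0;
		if ($adminid < 1 || empty($GLOBALS['founders'])){
			return false;
		}
		$founders = array_map('intval', explode(',', (string)$GLOBALS['founders']));
		return in_array($adminid, $founders, true);
	}

	/**
	 * Verify the captcha and credentials, then populate $_SESSION['admincp'].
	 *
	 * Failures are reported through showmsg(); success ends with a redirect header.
	 *
	 * NOTE(review): no failed-attempt logging or rate limiting is visible in this
	 * method, and login_error_4 / login_error_5 tell the client whether the
	 * account name exists. Both are worth addressing where showmsg() and the
	 * login form are defined.
	 *
	 * @param string $admin    account name
	 * @param string $password plain-text password
	 * @param string $randcode captcha value typed by the user
	 */
	function AdminLogin($admin,$password,$randcode){
		global $db,$LANG;
		// The Referer header is optional and client-supplied; fall back to the panel
		// root when absent. showmsg() is expected to escape it when rendering - TODO confirm.
		$back = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : './';
		$links = array(array('text'=>$LANG['go_back'],'href'=>$back));

		// The captcha is single-use: read it, drop it from the session, then compare
		// strictly. An unset or empty stored code never matches (with loose == an
		// empty submission equalled a missing session value).
		$expected = isset($_SESSION['randcode']) ? $_SESSION['randcode'] : '';
		unset($_SESSION['randcode']);
		if (!is_scalar($randcode) || !is_scalar($expected) || (string)$expected === '' || (string)$randcode !== (string)$expected){
			showmsg('login_error_3',1,$links);
			// showmsg() may or may not end the request; never fall through to the lookup.
			return;
		}

		// Reject array-valued or empty request parameters before they reach SQL or md5().
		if (!is_scalar($admin) || (string)$admin === '' || !is_scalar($password)){
			showmsg('login_error_4',1,$links);
			return;
		}
		$admin = (string)$admin;

		// NOTE(review): $admin is interpolated into SQL here and in the sdw_users lookup
		// below. This is only safe if the caller has already escaped it for the database
		// connection's character set; the $db API is not visible from this file, so
		// confirm that and move to bound parameters if the wrapper supports them.
		$admindata = $db->get_one("SELECT a.adminid,a.admin,a.password,a.cpgroupid,g.cpgroupname,g.cpgroupperms FROM sdw_admins a LEFT JOIN sdw_admingroups g ON g.cpgroupid=a.cpgroupid WHERE a.admin='$admin'");
		if (empty($admindata)){
			showmsg('login_error_4',1,$links);
			return;
		}

		// Compare digests as strings: loose == treats numeric-looking hex digests as
		// numbers. hash_equals() additionally avoids timing differences where available.
		// NOTE(review): unsalted md5() is not an adequate password hash; migrating to
		// password_hash()/password_verify() needs a schema change outside this file.
		$stored = (string)$admindata['password'];
		$supplied = md5((string)$password);
		$matches = function_exists('hash_equals') ? hash_equals($stored, $supplied) : ($stored === $supplied);
		if (!$matches){
			showmsg('login_error_5',1,$links);
			return;
		}

		// Issue a fresh session id at the privilege change so an id known before
		// login cannot be reused afterwards.
		if (session_id() !== ''){
			session_regenerate_id(true);
		}

		$adminid = (int)$admindata['adminid'];
		$_SESSION['admincp']['admin'] = $admindata['admin'];
		$_SESSION['admincp']['adminid'] = $admindata['adminid'];
		// adminsession() requires this entry to be non-empty, so it is kept as is.
		$_SESSION['admincp']['password'] = $admindata['password'];
		$_SESSION['admincp']['cpgroupid'] = $admindata['cpgroupid'];
		$_SESSION['admincp']['cpgroupname'] = $admindata['cpgroupname'];
		$_SESSION['admincp']['cpgroupperms'] = $admindata['cpgroupperms'];

		// Values placed in the UPDATE are forced to an integer / a syntactically valid
		// IP first; how $GLOBALS['ipaddr'] is derived is not visible from this file.
		$now = isset($GLOBALS['timestamp']) ? (int)$GLOBALS['timestamp'] : 0;
		$ip = isset($GLOBALS['ipaddr']) ? filter_var($GLOBALS['ipaddr'], FILTER_VALIDATE_IP) : false;
		if ($ip === false){
			$ip = '';
		}
		$db->query("UPDATE sdw_admins SET lastlogin='$now',lastip='$ip',logintimes=logintimes+1 WHERE adminid=$adminid");

		$userdata = $db->get_one("SELECT uid,username,password FROM sdw_users WHERE username='$admin' AND adminid=$adminid");
		if ($userdata){
			xsetcookie('uid',$userdata['uid']);
			xsetcookie('username',$userdata['username']);
			// NOTE(review): this places the stored password digest in a client cookie,
			// which makes the digest itself a reusable credential. Replace with a random
			// server-side token where the front-end login reads this cookie.
			xsetcookie('password',$userdata['password']);
			$_SESSION['admincp']['uid'] = $userdata['uid'];
		}else {
			$_SESSION['admincp']['uid'] = 0;
		}
		$result = $db->get_one("SELECT COUNT(*) FROM sdw_usermails WHERE uid=".(int)$_SESSION['admincp']['uid']);
		$_SESSION['admincp']['newmails'] = $result['COUNT(*)'];
		writelog($LANG['login_succed'],$admin);
		header('location:./');
	}

	/**
	 * Drop the admin login from the session and redirect to the panel root.
	 *
	 * NOTE(review): the uid/username/password cookies set by AdminLogin() are not
	 * cleared here; confirm whether the front-end login is meant to survive.
	 */
	function AdminLogout(){
		unset($_SESSION['admincp']);
		// Retire the session id that carried admin privileges.
		if (session_id() !== ''){
			session_regenerate_id(true);
		}
		header('location:./');
	}

	/**
	 * Check that the current admin holds permission $allow.
	 *
	 * Founders hold every permission. Otherwise $allow must be a non-empty value
	 * that exactly matches an entry of the session's comma-separated cpgroupperms;
	 * an empty $allow no longer matches an empty permission list.
	 *
	 * @param string $allow permission name
	 * @return bool true when permitted; false after showmsg('priv_error') if that call returns
	 */
	function checkadminpriv($allow){
		if ($this->isfounder){
			return true;
		}
		$granted = isset($_SESSION['admincp']['cpgroupperms']) ? (string)$_SESSION['admincp']['cpgroupperms'] : '';
		if (is_scalar($allow) && (string)$allow !== '' && in_array((string)$allow, explode(',', $granted), true)){
			return true;
		}
		showmsg('priv_error',1);
		return false;
	}
}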
?>